Mailinglist Archive: opensuse (3349 mails)

SuSE 9.3 php4-ldap TLS problem
  • From: Markus Natter <markus.natter@xxxxxxxxx>
  • Date: Thu, 19 May 2005 17:14:04 +0200
  • Message-id: <3c4c76b405051908142f49af19@xxxxxxxxxxxxxx>
Hi,

I've got this problem since SLE 9.3 ( and just there ).
I'm trying to connect to an LDAP-Server that requires an x509
certificate from the client side using TLS, but the Apache / php-ldap
does not send the given certificate to the ldap server
and the connection fails.

To set the Certificate locations I've specified the user context only
options in /etc/openldap/ldap.conf:

TLS_CERT /etc/openldap/tls/mycert.foo.com.pem
TLS_KEY /etc/openldap/tls/mycert.foo.com.key
TLS_CACERT /etc/openldap/ca/ca.foo.com.pem

( it was enough in 9.1 or in SLES9 to put it only there )

It is recommended ( see www.php.net ) to provide the
/etc/openldap/ldap.conf also in the home directory of the user as
.ldaprc ( I also tried ldaprc ). For Apache2 (prefork) user this
should be /var/lib/wwwrun. But the connection failed, too.

If I do a strace on the apache processes (children included) [ strace -q
-f httpd2-prefork ] I see that apache is using the
/etc/openldap/ldap.conf file but not reading the given certificates (
as it used to be in 9.1.. ).

The .ldaprc and ldaprc files in the home directory are completely ignored.

The only thing that did work was to put an ldaprc (not as hidden file)
in the current DocumentRoot, which is not really satisfying.. as you'd
need to put one in each directory.

Maybe something is broken in the ldap libs, or php-ldap bindings.

Any help would be appreciated,


Markus
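
Added example, not part of the original post and not OpenLDAP's own code: a simplified model of the rule documented in ldap.conf(5) that user-only options such as TLS_CERT and TLS_KEY are ignored in the system-wide file and honoured only in user files (ldaprc / .ldaprc under $HOME, or ldaprc in the current directory). The function names and the sample file contents are assumptions made for illustration.

```python
# Added illustration. The file contents below are constructed samples that
# reuse the paths quoted in the post.
USER_ONLY = {"TLS_CERT", "TLS_KEY"}  # marked "user-only" in ldap.conf(5)

SYSTEM_CONF = """\
# /etc/openldap/ldap.conf (constructed sample)
TLS_CERT /etc/openldap/tls/mycert.foo.com.pem
TLS_KEY /etc/openldap/tls/mycert.foo.com.key
TLS_CACERT /etc/openldap/ca/ca.foo.com.pem
"""
USER_RC = """\
# $HOME/.ldaprc (constructed sample)
tls_cert /etc/openldap/tls/mycert.foo.com.pem
tls_key  /etc/openldap/tls/mycert.foo.com.key
"""

def parse(text):
    """Yield (OPTION, value) pairs; '#' comments and blank lines are skipped."""
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            yield parts[0].upper(), parts[1].strip()

def effective_options(sources):
    """sources: ordered (label, is_user_file, text) tuples, system file first.
    Returns (effective, ignored); later files override earlier ones."""
    effective, ignored = {}, []
    for label, is_user_file, text in sources:
        for opt, val in parse(text):
            if opt in USER_ONLY and not is_user_file:
                ignored.append((label, opt))  # dropped: user-only option in system file
            else:
                effective[opt] = (val, label)
    return effective, ignored

def client_cert_ready(effective):
    """True only if both halves of the client credential took effect."""
    return {"TLS_CERT", "TLS_KEY"} <= set(effective)

if __name__ == "__main__":
    for srcs in ([("system", False, SYSTEM_CONF)],
                 [("system", False, SYSTEM_CONF), ("user", True, USER_RC)]):
        eff, ign = effective_options(srcs)
        print([s[0] for s in srcs], "ready:", client_cert_ready(eff), "ignored:", ign)
```

The $HOME lookup uses the process environment, so the environment the Apache children actually run with decides which user file is a candidate.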
